← Back to CVEs
CVE-2019-10605
HIGH7.8
Description
Buffer overwrite can occur in IEEE80211 header filling function due to lack of range check of array index received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, IPQ8074, MDM9607, MDM9650, MSM8909, MSM8939, QCN7605, SDA660, SDM630, SDM636, SDM660, SDX20, SDX24
CVE Details
CVSS v3.1 Score7.8
SeverityHIGH
CVSS VectorCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorLOCAL
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published12/18/2019
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
qualcomm:apq8009qualcomm:apq8009_firmwarequalcomm:apq8053qualcomm:apq8053_firmwarequalcomm:ipq8074qualcomm:ipq8074_firmwarequalcomm:mdm9607qualcomm:mdm9607_firmwarequalcomm:mdm9650qualcomm:mdm9650_firmwarequalcomm:msm8909qualcomm:msm8909_firmwarequalcomm:msm8939qualcomm:msm8939_firmwarequalcomm:qcn7605qualcomm:qcn7605_firmwarequalcomm:sda660qualcomm:sda660_firmwarequalcomm:sdm630qualcomm:sdm630_firmwarequalcomm:sdm636qualcomm:sdm636_firmwarequalcomm:sdm660qualcomm:sdm660_firmwarequalcomm:sdx20qualcomm:sdx20_firmwarequalcomm:sdx24qualcomm:sdx24_firmware
Weaknesses (CWE)
CWE-120
References
https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin(product-security@qualcomm.com)
https://www.qualcomm.com/company/product-security/bulletins/december-2019-bulletin(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.